Re-word serialization cyclic import code comments

- Try to clarify purpose and remove unimportant TODO note
- Use pylint block-level control for shorter lines, see
  http://pylint.pycqa.org/en/latest/user_guide/message-control.html#block-disables

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>

Author: Lukas Puehringer

tuf/api/metadata.py

@@ -128,9 +128,9 @@ def from_file(
 
         """
         if deserializer is None:
-            # Function-scope import to avoid circular dependency. Yucky!!!
-            # TODO: At least move to _get_default_metadata_deserializer helper.
-            from tuf.api.serialization.json import JSONDeserializer # pylint: disable=import-outside-toplevel
+            # Use local scope import to avoid circular import errors
+            # pylint: disable=import-outside-toplevel
+            from tuf.api.serialization.json import JSONDeserializer
             deserializer = JSONDeserializer()
 
         if storage_backend is None:
@@ -171,9 +171,9 @@ def to_file(self, filename: str, serializer: MetadataSerializer = None,
 
         """
         if serializer is None:
-            # Function-scope import to avoid circular dependency. Yucky!!!
-            # TODO: At least move to a _get_default_metadata_serializer helper.
-            from tuf.api.serialization.json import JSONSerializer # pylint: disable=import-outside-toplevel
+            # Use local scope import to avoid circular import errors
+            # pylint: disable=import-outside-toplevel
+            from tuf.api.serialization.json import JSONSerializer
             serializer = JSONSerializer(True) # Pass True to compact JSON
 
         with tempfile.TemporaryFile() as temp_file:
@@ -206,10 +206,10 @@ def sign(self, key: JsonDict, append: bool = False,
             A securesystemslib-style signature object.
 
         """
-        if serializer is None:
-            # Function-scope import to avoid circular dependency. Yucky!!!
-            # TODO: At least move to a _get_default_signed_serializer helper.
-            from tuf.api.serialization.json import CanonicalJSONSerializer # pylint: disable=import-outside-toplevel
+        if signed_serializer is None:
+            # Use local scope import to avoid circular import errors
+            # pylint: disable=import-outside-toplevel
+            from tuf.api.serialization.json import CanonicalJSONSerializer
             serializer = CanonicalJSONSerializer()
 
         signature = create_signature(key, serializer.serialize(self.signed))
@@ -259,9 +259,9 @@ def verify(self, key: JsonDict,
                     f'{key["keyid"]}, not sure which one to verify.')
 
         if serializer is None:
-            # Function-scope import to avoid circular dependency. Yucky!!!
-            # TODO: At least move to a _get_default_signed_serializer helper.
-            from tuf.api.serialization.json import CanonicalJSONSerializer # pylint: disable=import-outside-toplevel
+            # Use local scope import to avoid circular import errors
+            # pylint: disable=import-outside-toplevel
+            from tuf.api.serialization.json import CanonicalJSONSerializer
             serializer = CanonicalJSONSerializer()
 
         return verify_signature(

tuf/api/serialization/json.py

@@ -15,8 +15,9 @@
 from securesystemslib.formats import encode_canonical
 
 # pylint: disable=cyclic-import
-# ... to allow de/serializing the correct metadata class here, while also
-# creating default de/serializers there (see metadata function scope imports).
+# ... to allow de/serializing Metadata and Signed objects here, while also
+# creating default de/serializers there (see metadata local scope imports).
+# NOTE: A less desirable alternative would be to add more abstraction layers.
 from tuf.api.metadata import Metadata, Signed
 from tuf.api.serialization import (MetadataSerializer,
                                    MetadataDeserializer,